On Sun, Feb 04, 2001 at 12:15:19PM -0600, Mikkel L. Ellertson wrote:
> Did I miss an update, or do I have a cracker that is out of date? I
> have someone trying to connect up to port 515 (printserver) on my
> firewall. He/she/it isn't having much luck so far... ;-)
Probably someone looking to break into LPRng that came on the
original (pre respin) RedHat 7.0. The Ramen worm, in particular, tries
to break in this way. The majority of RedHat 7.0 should be safe. Your
only worry is if you used the original ISO images (not a purchased
version or the respin version) or built the system prior to the
LPRng update. Ramen checks the banner from ftp to see if you are
running a RedHat 7.0 site, so a lot of RedHat 7.0 systems will get
hammered by LPR requests, even if they are not vulnerable, if they
have ftp enabled. Ramen is resulting in very significant increases
in port scanning on ports 21 and 111 plus some port probing to 515.
> Mikkel
> --
>
> Do not meddle in the affairs of dragons,
> for you are crunchy and taste good with ketchup.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
